November 15, 2023 • 32 mins
| Dr. Ralph Ford, chancellor of Penn State Behrend, talks with alumnus Jeremy O’Mard, senior managing consultant at IBM, about how artificial intelligence is changing the cybersecurity landscape.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Dr. Ralph Ford (00:00):
I'm Dr. Ralph Ford, Chancellor of Penn State
Behrend and you're listening toBehrend Talks. My guest today is
Jeremy O'Mard, a Behrend alumnuswho now works as a senior
managing consultant in thehybrid cloud management practice
at IBM Consulting. Welcome here,Jeremy.
Jeremy O'Mard (00:16):
Thanks for having me.
Dr. Ralph Ford (00:17):
Well, you're not a stranger. I known you for a
few years. But I'm going to takea few minutes. And I'm going to
read through your biography,because it's quite impressive.
You're a 2013, graduate of theManagement Information Systems
Program here at Behrend. Andvery nicely, you were just one
of 16 Alumni chosen to receive a2021 Penn State Alumni
(00:39):
Achievement Award, which honorsalumni, 35 years of age and
younger for extraordinaryprofessional accomplishments.
And only about 100 alumni havereceived that to date. And eight
of them are Penn State Behrendgraduates. And we're super proud
that you got that award. And youshould be as well. Absolutely.
And I'll go a little further. Asa managing consultant and
(01:01):
systems engineer with IBM saysyou're responsible for the
installation, maintenance andsecurity of the company's
commissary, advanced rescaledtransaction system, hardware
software solution used at theDepartment of Defense
commissaries around the world.
And some of that may be a littleout of date, we'll get into all
the things that you do, I justwant to talk a little bit about
(01:22):
you know, recognize the workthat you do care for bear and
your treasure of barons, blackleadership alumni Coalition,
which we all affectionately callhere be black. And you are
president of the university'sAfrican American alumni
organization of DC interestgroup. And you also volunteer
with the Maryland Defence Force,a Volunteer State Military
(01:43):
agency, and one of the fourcomponents of the Maryland
military departments. So a lotof great accomplishments and
only 10 years out. Anyways, I'lljust start by saying what
brought you to Penn StateBehrend? How did you end up
here?
Jeremy O'Mard (02:00):
Yeah, so I always knew that I wanted to come to
Penn State. During the collegerecruiting cycle. My focus was
really on Penn State, VirginiaTech and Maryland. Maryland, of
course, being where I'm from wasway too close to home. So I
decided to not go to Universityof Maryland. Great decision, by
the way. So it really came downto Penn State and Virginia Tech.
And when I actually came tovisit Behrend campus, I fell in
(02:21):
love with the faculty, thestaff, the campus life, and the
fact that there's just so muchnatural beauty around the
Behrend campus. Decide the Simonway.
Dr. Ralph Ford (02:31):
Well, as we were discussing when you came in
today, well, I'll mark the datetoday is Monday, November 6, and
you've got a day full ofactivities, including being the
featured speaker here on campusin the Behrend speaker series
this evening, and we'll talkabout that. But you said the
first place that you came tocampus is the building that
we're in right now, which is thehistoric Glen Hill Farm. So did
(02:53):
you just wander in here andknock on the door? How did you
end up in this building?
Jeremy O'Mard (02:57):
For whatever reason they told us to report
here, we did a campus tour. AndI know Miss Felicia was here.
And Giselle Hudson was here aswell. And they were one of the
first two faculty that I met,when ironically, I still keep in
contact with them to this day.
So today feels almost like amini homecoming, just because
I'm kind of going through themotions and revisiting the
campus. I'm looking at it from aunique perspective now being an
(03:19):
alumna.
Dr. Ralph Ford (03:21):
Well, you know, now that you mentioned, when you
came here to visit, we actuallyhad the admissions people
probably here in this building.
And shortly thereafter, we movethem to the Metzger, alumni and
admission center once that wasbuilt, so it makes a lot of
sense. So, you know, you decidedto choose management information
systems, did you have a careerpath in mind? Or did it just
sound like, hey, that'ssomething interesting that I
(03:43):
wanted to study, or did you knowwhat you wanted to do?
Jeremy O'Mard (03:47):
Yeah, so I always knew I wanted to get involved
with technology. That was theeasiest part. Honestly, I
actually started as a computerengineer major, and I was having
a conversation with my RA. And Iknow I kind of want to get into
consultant and he kind of gaveme an overview of the MIS
program. And in my opinion, thataligns perfectly with what I
wanted to do, because itprovided you both with the
business aspect, as well as thetechnology aspect. And I was
(04:09):
also able to get my SAPcertificate on top of that. So
once I learned about thebenefits mis how the program was
structured, and how it reallyallowed you to focus on both the
technical and business side, Idecided to have a conversation
with one of the academicadvisors. And once I had that
conversation, I felt reallycomfortable about switching to
mis and here I am today, seniormanaging consultant at IBM and I
(04:29):
felt as though I made a greatdecision.
Dr. Ralph Ford (04:31):
Well, it's a great combination bill to get
that degree. And then like yousaid, like SAP certificate and a
lot of other things that you canadd on and mask who are the
influential faculty members inthe MIS program.
Jeremy O'Mard (04:45):
So one caveat, I really have to say that I really
did love my time at Behrend,especially as a MIS practitioner
and the course that materialthat was provided it really
prepared me for the realbusiness world. Ironically, my
first project and IBM is federalsector was working with
Citizenship and ImmigrationServices. And the project was
based on Agile softwaredevelopment, which is exactly
(05:07):
what I learned during my time atBehrend. So it was nice to
actually learn about the topicand actually see it come to
fruition, coming out ofundergrad, because I know one of
the biggest concerns is youlearn so much in university, but
you really get to apply what youlearned. And I can say, without
a doubt, Behrend did prepare mefor the real world. Now going
back to the question or thetopic of faculty who really left
(05:28):
an impression on me, first andforemost, Dr. Noce to this day,
I still have conversations withher. And she really helped to
shape my early professionalcareer track, but you don't miss
it as well, especially when wefocused on all things business
intelligence, that was one of myfirst standout positions within
IBM as well, having that courseload focusing on IBM Cognos
Tableau Power BI. And when Iworked with our Business
(05:51):
Intelligence Team for USCIS, Iwas able to kind of just hit the
ground running because Iunderstood those early
foundational concepts. So Idefinitely say those two are
people who to this day, I wantto say thank you for just being
able to provide me with realworld insight.
Dr. Ralph Ford (06:05):
Yeah, they're great faculty members of his
great faculty for the entireprogram. And, you know, I'm not
in the program, but I'm acomputer electrical engineer,
and have had the pleasure towork with them. And I know
they're very passionate aboutsystems design, all those things
make sense to me. And by theway, I'm a former IBM or myself.
And I wrote a book onengineering design, which was
(06:29):
really a systems design bucking,I've always held that if I
didn't have that experience,integrating complex systems when
I was at IBM, I would have neverwritten that book. And I think
that it really added a lotbecause of that, that experience
of really added a lot to theprofession that was missing. But
anyway, so let's talk as well.
So you know, you had the greatacademic side to your experience
(06:49):
here. But let's talk about thethings that you did outside of
the classroom. What were thethings that you were involved
in? I know you were involved inDelta Chi and Multi Cultural
Council and some otherorganizations? What was that
experience? Like here on campus?
Jeremy O'Mard (07:03):
Yeah, absolutely.
So I'm a firm believer of to getthe whole college experience,
you have to focus on both theacademic side as well as the
social aspect. And honestly,getting involved with the
various student organizationshave helped me to take
leadership roles, not onlywithin IBM, but then the
Maryland Defence Force as well.
The beauty of working withstudent based organizations are
(07:23):
they're all diverse based on thenature of the organization. And
just like in the real world,whether it's corporate America,
whether it's in the publicsector, whether it's an
academia, being able to kind ofwork with a diverse populace is
a strength in itself, becauseyou have diversity of thought.
And you understand that you havethe option or the ability to
look at things from a uniqueperspective. So getting involved
(07:45):
with those students,organizations really allowed me
to hone my leadership skillsreally work with a diverse set
of individuals, and really getto try things in a relatively
safe manner. Because as astudent leader, if you fail, you
often fail, recover, and tryagain. And I feel as though if
you've never had the opportunityto fail, or as I like to say,
fail fast. When you get into thebusiness world or the post grad
(08:07):
world, you're kind of shy orhesitant to try or take risks,
because you just never had thatopportunity or forum to really
fail in a safe manner. Sostudent organizations really did
allow me to kind of hone hone myleadership skills, and try new
and unique things.
Dr. Ralph Ford (08:22):
And you were not only involved in leadership
organizations, but you served asa mentor, you were in a program
known as the Fast Start PeerMentor Program. Do you remember
that and what it was?
Jeremy O'Mard (08:32):
Absolutely. So Fast Start really connects.
There's a three components ofit. There's a student piece for
the income refreshments, and youhave student mentors, you have
alumni mentors, and then youhave faculty mentors, and I
actually was able to participateboth as a student mentor and as
well as an alumni mentor, andbest starts a great way to pay
for it because I remember myfirst couple of weeks at Baron,
(08:53):
you're trying to kind of, youknow, figure out what to do with
how to navigate the college lifescene. And having someone who's
been there done that had this tshirt to prove it was a great
way to kind of pay for them.
Help them the next generation ofPenn say there's really kind of
understand what's out there. Asfar as academia goes. And
Dr. Ralph Ford (09:13):
while you're here, you received a university
wide award. Notice the JacksonLethbridge tolerance award. And
it recognizes a student foroutstanding efforts to create a
community where everyone isequally valued in our community.
So what did what did receivingthat mean to you?
Jeremy O'Mard (09:29):
Yeah, so it caught me completely off guard
because sometimes, when you dowhat you love, and when you just
really just want to continue tomake your campus a better place.
You kind of don't really thinkabout awards or receiving any
type of recognition. So when Igot the letter of notice,
stating that I was the recipientof the award and they were
(09:49):
having ceremonies both atBehrend as well as University
Park campus. It caught mecompletely off guard just
because I was recognized forproviding the solution working
with the client In theeducational equity to provide a
proof of concept for informationsystem that would consolidate
student data's. So admissionsfaculty and other staff would be
able to kind of monitor theprogress of students and
(10:12):
understand some of their painpoints when it comes to
traversing the academiclifecycle. And that was probably
one of my mis projects. And itjust made sense for me just
because of how involved that waswith educational equity. So when
I was recognized for it, Ididn't even think anything of it
just because it was justsomething I wanted to do, the
better the university. So it'snice to be recognized for stuff
that advances the cause of amajor university. But they've
(10:35):
just really caught me off guard.
Dr. Ralph Ford (10:37):
It was nice, and that it really connected what
you were doing in the classroomand your your coursework. And so
great experience. And right nowyou're you're currently
involved. So you've remainedinvolved at Barrington. I'm
always happy to see you at theparents family alumni weekend,
and probably more than that eacheach and every year as you come
back to campus. But oneorganization that's been formed
(10:59):
in the last few years issomething called the Behrend
Black Alumni Coalition, and it'shaving a large impact. What is
it? And what do you do?
Jeremy O'Mard (11:06):
Yeah, so what do I do? I'm the treasurer for
BBLAC. I'm the inauguraltreasurer at that. So that's
kind of cool. And be back isreally a way to kind of foster
the alumni experience, postgrad.
One thing, having been involvedwith the AAA owes the African
American alumni organizationswithin the Penn State Alumni
Association. And one of thenumber one complaints that we
receive is, once you leave theuniversity, whether you're at
(11:28):
University Park, whether you'reat one of the commonwealth
campuses, if you're outside ofthe state of Pennsylvania, it's
kind of hard to foster that PennState relationship. So
leveraging what I knew and whatI experienced with the AAAO's, I
worked with the leadership forBlack to really provide a way
for black alumni and supportersof the mission to be black to
kind of have a way to stayinvolved with the university to
(11:50):
understand some of the major keypoints such as recruitment and
retention of students of color,and really to provide them with
a forum for where they can kindof voice their concerns. So I'll
work with the university as wellas students to come up with
programs and ideas to recruitand retain students of color,
and to really still stayconnected with the university.
Dr. Ralph Ford (12:11):
So do you have any particular students that
you're working with right nowand mentoring through that?
Jeremy O'Mard (12:15):
Yes. So ironically, one of the students
that I'm mentoring actuallywasn't Ruby black, but it was
through my work with IBM, andshe actually participated in IBM
had a program that just kind ofprovided various some overviews
of the different tracks andconsultants, which is business
analytics, cybersecurity,infrastructure and software
development. And we kind offoster the relationship just
(12:36):
based on the fact that we wereboth 10 sailors who magically
were assigned to each other. Andshe was also focused on
cybersecurity as well. And tothis day, we still have ongoing
conversations. She's doingpostgrads studies at Penn State
again, which is awesome. Andshe's still pursuing additional
certifications withincybersecurity looking to obtain
their security plus, so that'sthe beauty of Penn State,
(12:57):
there's always people who wantto continue to hone their skill
sets and leverage the experienceof alumni. And I just love the
ability to be able to give backand pay for it to the next
generation of students andalumni leaders.
Dr. Ralph Ford (13:10):
Well, we appreciate it. And the whole
institution benefits. Let meswitch now though, to to your
industry career. So you'veserved in a number of roles and
IBM since 2014. I'll just runthrough a few you helped the
Department of Homeland Securitytransition the US Citizenship
and Immigration Services from aform and paper based system to a
(13:33):
new electronic platform. You'vehelped the army develop and
maintain a web based tool fortracking the professional
development of noncommissionedofficers. My guess is you do a
lot of top secret work that youcan't really talk about, and
tell us. But what's your joblook like day to day? What is it
that you do?
Jeremy O'Mard (13:52):
So the beauty of consultant is my job changes
based on my client, which isawesome, because every new
clients a new job or a newopportunity. So if you're
someone who gets bored of doingthe same thing over and over
again, I highly recommendconsultant because you can kind
of shape your day to dayactivities. Currently, I still
support the Defense CommissaryAgency. And the beauty of that
project is, wherever theDepartment of Defense has a
(14:14):
commissary around the world, IBMhas a footprint. So it's a
powerful gift in the curse,because I work with our system
engineering team. And I'mresponsible not only for the
availability of the application,but security standpoint as well.
So monitoring over 5000endpoints distributed across 100
Plus locations around the worldas a job in itself. But I do
(14:34):
like the work that I do. I getthe ability to travel overseas.
I've been to Pearl Harbor,Hawaii, I've been to Okinawa,
and I've really just had theability and the opportunity to
see how our solution actuallybenefits our service members.
And they always joke and saythat commissary privileges are
their number one benefit forserving our nation. So to ensure
that those systems are up andrunning, and that they are able
(14:57):
to kind of capitalize on thosebenefits is a huge win. My book.
So you,
Dr. Ralph Ford (15:02):
you're based in DC, Virginia, Maryland area
correct. And you've haven't hadto move around, but you get to
travel all over the world.
Absolutely. That's pretty gooddeal. Like you're close to home,
you're close to learn the actionin this country. So it's a good
place to be. So you workdirectly with the federal
government. Correct? And how doyou like working with the
government? You know, we knowit's large and complex, you
(15:22):
know, but it sounds like you'redoing some really interesting
projects.
Jeremy O'Mard (15:27):
Yeah. So I always knew once I graduated from Penn
State, one to work withgovernment in some capacity,
whether it was being a civilservant, or whether it was being
a contractor. And IBM gave methe ability to kind of wear both
hats, especially since we have alarge federal clientele. So I do
like working with the federalgovernment. Because ultimately,
when you advance their missionhas real world impacts on the
(15:48):
average citizens. And residentsof the United States as well as
our allies as well. In my space,I focused on defense and Intel.
So not only am I working with usbased organizations, but I'm
working with some of ourpartners as well. And I'm
actually a part of a internalconsortium within IBM that
focuses on the defense and intelcommunity across the world. So
it's nice to work with otherpractitioners in the UK and
(16:09):
Italy and France, and kind ofpick their minds and see how
their government organizationsare handling certain issues,
especially in the cyberspacedomain.
Dr. Ralph Ford (16:17):
And you also you volunteer for something called
the Maryland Defense Force.
Correct. And what is that?
Jeremy O'Mard (16:23):
Yeah, so the Maryland Defense Force is one of
a number of state defense forceswithin the United States and its
territories. The big differencebetween state defense forces and
a state or territory is NationalGuard and state defense forces
are strictly a state asset, theyfall under Title 32, whereas
National Guard to be federalizedunder Title 10. So the biggest
differences were strictly stateasset, we have no federal
(16:44):
funding whatsoever, which isunique, because there are
oftentimes opportunities wherewe're cross training with our
state's National Guard, becausethey're getting ready to be
deployed overseas or support thefederal mission. And we serve as
a force multiplier for ourNational Guard counterparts.
Because, of course, when theyleave their respective states or
territories, that leaves acritical shortfall within that
(17:05):
given area of responsibility.
And that's where state defenseforces really have the ability
to kind of shine and focus onthat critical gap that needs to
be maintained.
Dr. Ralph Ford (17:14):
It's pretty amazing, actually, that that's a
volunteer force and theimportance of the work that you
do.
Jeremy O'Mard (17:19):
Absolutely. The historical origin of state
defense forces, some statesrefer to them as state guards or
state military reserves. It goesback to the early colonial times
where states only had themilitia. But the formal statute
goes back to the early 1900s,during World War One. And
sometimes there areopportunities for paid
positions, especially whenyou're called up to say active
(17:40):
duty. But nine times out of 10,most folks who served with the
state defense force areliterally serving on volunteer
status, which is also unique initself, because of course, our
National Guard counterparts doget paid when they have their
traditional drill weekends. Andthere's a running joke,
especially in Maryland with ourNational Guard and our state
defense force, where they liketo say that, hey, the folks from
the Maryland Defence Force,they're here because they want
(18:01):
to be here. So you guys have tomake sure that you're doing your
job because they're here to doit no matter what.
Dr. Ralph Ford (18:06):
Very nice. Well, in you know, more recently, in
2019, in your work at IBM, youstarted to oversee the day to
day operations, something knownas the security infrastructure
team, which providesauthentication and disaster
readiness for the SocialSecurity Administration, hugely
important to this country. Andyou manage a whole variety of
(18:28):
things from security tomaintenance and upgrades. Can
you tell us what that's about?
Jeremy O'Mard (18:33):
Yes. So that was unique project in itself,
because, again, like he focuseson the defense and Intel side,
so going to Social Security, Ikind of wanted to shake things
up and still stay within thesecurity infrastructure domain,
but focus on different clienttell base, and just learn about
the Social SecurityAdministration, and how the
application that we oversaw,really was the focal point for
(18:54):
everything. So security did thatin itself was amazing, because
every service has to go throughour system. And just seeing the
amount of transactions that arebeing run the amount of personal
identifiable information andsensitive information going
through the system andunderstanding how you need to
secure that information. Thatwas kind of eye opening, because
Social Security does impact usall. So having that footprint
(19:16):
and having a project that hassuch a high level of importance.
I was kind of humbled to be apart of that project, because
our team literally worked aroundthe clock to make sure that the
application was up and running,and that the security services
were running in the background.
And ultimately, that folks whowere entitled to their benefits,
were able to get them in atimely and efficient manner.
Dr. Ralph Ford (19:35):
Yeah, I can imagine that. It's a ripe target
for hackers and phishing andtrying to trick people and you
know, as they say, defendershave to be right 100% of the
time, but bad guys only have tobe right once. Absolutely.
That's puts a lot of pressure onyou.
Jeremy O'Mard (19:50):
It does. I think the beauty of it though, is you
understand the importance of setsystem so they kind of offset
some of the pressure, not 100%Because there's always going to
be the Last year, when you'reworking on services or systems
that have national importance,but at the end of the day, when
they run you, you kind of feelrewarded, because your system is
literally doing something thatpeople depend on at the end of
(20:12):
the day.
Dr. Ralph Ford (20:13):
So, you know, can you give us a flavor, we
always know hackers have been athreat. We all experience it on
a day to day basis, but what yousee has to be super
sophisticated. Can you tell us abit about what are the threats
like and how are they constantlyevolving?
Jeremy O'Mard (20:29):
Yeah, so it's interest that you brought the
sophisticated aspect of it,because it really depends on the
threat actor. So for example,working with a lot of mine,
defense contractors, most of ourbiggest adversaries are other
nations. And of course, theyhave unlimited resources to
leverage the latest tactics,techniques and procedures to
exploit the system. So sometimesyou really do see some advanced
(20:51):
exploits being thrown at yoursystem. But nine times out of
the 10. In most use cases thatI'm tracking, one of the biggest
attack vectors is socialengineering, because at the end
of the day, humans are both thestrongest and the weakest link
in the security chain. From asecurity and cyber awareness
perspective, if you're aware ofwhat the adversary is doing,
you're less likely to fall fortheir scams and compromised
(21:14):
system. But if you're not aware,they don't necessarily the hack
into the system, they just needto hack you. So social
engineering has been a hugething that we're focusing on.
And even in my role with theMaryland Defence Force, one of
our biggest campaigns is toreach out to the communities and
host cyber awareness and digitalhygiene related courses so that
those in the communityunderstand how hackers how
(21:36):
scammers compromised both peopleas well as systems and what you
can do as the average person tostay ahead of the adversary at
the end of the day.
Dr. Ralph Ford (21:43):
You know, it is it is amazing. And you think
you're really smart, figuringthem out, and seeing them. But
it's not always so clear nowthat I actually got caught in
one a few years ago, when I wastrying to get a passport, it
looked to me like it was theUnited States Government
website, and I had no idea itwas a different one, I was able
to resolve it pretty quickly.
But my point is, I oftenassociate this with people who
(22:03):
don't work day to day withcomputers. And the one day they
got me it was, it was a humblingexperience, actually, to realize
I just didn't quite look farenough into it.
Jeremy O'Mard (22:14):
Yeah, I think both the cool and scary part
about social engineering,they're literally companies that
work a nine to five to focus onscamming people. And when you
think about just how organizedsome of these organizations are,
it's kind of impressive, butit's also kind of scary at the
same time, because they havepeople who are clocking in just
like you and me on a day to daybasis to kind of understand how
(22:35):
humans traverse the internet andhow to kind of compromise them
at the end of the day. So itbecomes a digital game of cat
and mouse to see who's going tostay ahead of each other.
Dr. Ralph Ford (22:44):
It's rather frightening, but you know, it is
human nature, we shouldn't kidourselves, you think that people
would spend, if they were goingto work nine to five, they might
actually work on somethingproductive, but they find
themselves trying to do that.
And that's what happens a lotout there. And they know, of
course, we know security, theytrying to prey on elderly
people. And you know, there's alot there that all of us have a
vested interest in from ourfamily members and parents and
(23:07):
the like. So anyways, it's it'simportant that we have people
like yourself trying to protectthem. So now, you know, as we
hear about cybersecurity, andevery day in the news, we hear
the term AI ArtificialIntelligence. What does that
mean, in terms of the work thatyou do? And is it changing what
(23:27):
you're doing?
Jeremy O'Mard (23:29):
Yes. So the beauty of AI right now,
especially in the federalspaces, the biggest thing that
we're focusing on is regulation,and everything that stay the
security and privacy relatedbecause one of the biggest
concerns with AI is the factthat technology is outpacing
current regulations. And one ofthe focal points is, so you have
these systems that are able toingest data and manipulate data
(23:51):
to provide you with services andvalue at the end of the day. But
who owns the data? And who'sresponsible if the state is
leaked? And how do we ensurethat these systems don't have
bias or an end to them, becausefor most AI systems to learn,
they have to be provided with asample set of data. And who's to
say that that data is bothrepresentative of the user base
(24:14):
that you're trying to serve?
Who's to say it hasn't beencompromised. So regulations
really the biggest thing from myside of the house that we're
focusing on, because especiallywith the federal government, if
your systems aren't federallycertified, you can't deploy them
into production. So there are alot of things such as IBM
Watson, there's Chet GPT,there's Google barred, but
really, the government can'ttouch these systems unless
they're on their federallycertified platform as well. So
(24:35):
we're trying to figure out howto certify that the systems are
working as designed and that thealgorithms behind set systems
are transparent so that theaverage person can understand
how these decisions are beingmade.
Dr. Ralph Ford (24:49):
And I assume you're also trying to use the
technology to better thesecurity in the defense of our
federal systems too.
Jeremy O'Mard (24:58):
Yeah, so a lot of people think AI is good to take
everyone's job. But as far aswhat we're focusing on the
federal space, we're trying toleverage AI as the quote unquote
loyal wingman, how can AI kindof take some of the mundane
tasks that the averagecybersecurity analyst has to
work on, so that they can focuson some of the more critical
pieces of the job. One greatexample is log analysis, whether
(25:20):
you're in cybersecurity whetheryou're a software engineer or
developer, if you had to comb aset of logs, you would go crazy
after a while, also to have AIbased solution that can just go
through the data and say, Okay,here's where the threat actor
may have tried to compromise thesystem. Or this is where a fault
in the system took place. Inlaw, your engineers, your
developers, your securityanalysts that actually focus on
(25:40):
the task at hand, that's a hugewin. IBM produces a study, both
in the cost of a data breach aswell as security operation
center report, the kind ofunderlying some of the pain
points that securitypractitioners go through. And
one of the biggest things withsecurity practitioners have to
deal with so much data that itactually inhibits them from
performing some of theircritical tasks. So leveraging AI
(26:02):
to kind of comb through the datato look for red flags, and allow
the security analysts, theengineers, the practitioners to
actually respond to threats, isgonna be one of the best
outcomes that we can get from AIbased solution.
Dr. Ralph Ford (26:15):
What are the ones that I'm gonna have a
specific example. So switchingback to a little bit about what
we hear in the news every day,is that organizations and
companies are hacked, and theirdata is held hostage. In fact,
it's happened quite a few schooldistricts, I know what happens
to companies. Are there anyoptions that a company has once
(26:35):
you've been hacked that way tonot pay the ransom?
Jeremy O'Mard (26:38):
Yes. So there are various resources that
organizations could leverage.
First and foremost, one of thebest ones is to reach out to
your local, FBI department orcenter. The only downside to
this is just like anything ingovernment, sometimes it does
take several days, two weeks forthe paperwork to go through the
motions. And for case agentsactually work on set of
requests. So the next best thingto do, probably the best thing
(27:01):
to do is to practice gooddigital hygiene, whether that's
backing up your systems on a dayto day basis, or as often is
necessarily based on your usecase and your risk appetite. And
ensuring that you havesafeguards to restore your
system, if it has beencompromised, is a great
alternative to paying theransom. Some people do pay the
ransom, just becausehistorically, some threat actors
(27:23):
have been more reliable torelease today, the but then when
you actually work with a threatactor to have them release your
data, there's a good opportunitythat you're going to be extorted
again, because just because theygave you access to your system
doesn't mean they don't haveaccess to the data that was
already compromised. So the bestthing to do is to ensure that
you're doing routine backups ofyour system, that you're working
(27:44):
with partners, whether it'sfederal partners, whether it's
other organizations to sharewhat are known as indicators of
compromise, and to just workacross the greater cyber
community to kind of understandhow these threat actors gained
access to your system. And howyou can actually restore your
system are great alternatives topaying the ransom.
Dr. Ralph Ford (28:06):
My guess when you pay that ransom to, they've
put their own latent hackingtechnology that they can make
sure that they get in there atsome future date if they want as
well.
Jeremy O'Mard (28:14):
Yeah, we've seen everything from threat actors
reentering someone's system andre compromising their system to
most hackers just after theyreceived the payment from the
ransom, they actually just putthe data on the dark web and
then sell it to another thirdparty. So now they're getting
paid twice. So it's better tokind of safeguard and strengthen
and harden your systems and topay the ransom because you're
(28:35):
never guaranteed the fact thatthat data is not going to get
out in the wild again.
Dr. Ralph Ford (28:41):
So can you give us a little preview of what
you're going to talk about atthe your lecture this evening?
Jeremy O'Mard (28:46):
Yeah, so without spilling the secret sauce. The
presentation is going to focuson the offensive use cases, the
defensive use cases, as well asthe future of AI in the
cyberspace domain. And I supposealso cover key examples of some
of the latest technologies thatare being implemented both by
the fenders as well asadversaries as well.
Dr. Ralph Ford (29:05):
Sounds like it's going to be interesting talk
looking forward to it. And letme ask you this, what advice do
you have for current prospectivestudents? Who or anybody out
there who's considering a careerin cybersecurity?
Jeremy O'Mard (29:18):
Yeah, so, to me, there's three things to focus on
one, if there's a position orthere's a company that you're
interested in, make sure toreach out to someone, whether
it's alumni, whether it'sstudents, whether it's faculty,
to get an understanding of therole of the company and things
of that nature. Because at theend of the day, there's always a
statistic saying that there'smillions and millions of jobs in
(29:38):
the cyberspace domain that aregoing unfilled. A lot of
practitioners including myself,we want to advance the next
generation of cyber warriorsbecause I always joke I want to
help people because I also wantto be able to retire. And if
these jobs are hard and go aregoing unfulfilled, that means
that I have to work longer andharder at the end of the day
too. So help me help you. Let meknow if there's something that
(29:58):
you're interested in and I willbe glad to share my experiences
with you as well, too. A lot ofpeople want to focus strictly on
technical skills right out thereacademia, I would also say focus
on some of those soft skills,especially problem solving.
Because problem solving is oneof those skill sets that you can
use in technical roles and nontechnical roles. At the end of
the day, we're all problemsolving something. So the
(30:19):
sharper and your problem solvingskills, that's going to allow
you to see whether you're in atechnical role or a managerial
role, or even client facingrole. And then three, don't be
afraid to fail. Oftentimes,people hold themselves back from
getting into a new position orlearning a new skill set,
because they want to stay as anexpert in one domain, or they
don't want to seem as thoughthey're incompetent in another
(30:42):
domain, but being able to trysomething new, figure out if you
like it or not. And even if youfail, you can always reach out
to someone get additional help,and then become the future Smee
in that given skill set or thatdomain as well. And it also
allows you to kind of feel asthough you have to prove
yourself, because if you fail,then you can either quit, or you
can try again. And most peoplewho are going to try again, are
(31:04):
the ones that do everythingright the next time. So they're
going to study harder, they'regoing to reach out to their
connects, they're going toconduct their independent
research, and then they're goingto try again, and they're gonna
do better than their previousattempt. So don't be afraid to
fail, because you can only moveforward at the end.
Dr. Ralph Ford (31:19):
Great advice and sounds like a fascinating
career. And to your point, weneed a lot of cybersecurity
experts for the future of thiscountry. So we're coming to the
end of our show. Do you have anyfinal words or any anything
Jeremy O'Mard (31:33):
Yeah, going back to the earlier point about just
you'd like to add?
staying connected and acts andquestions. If there's anyone
who's interested incybersecurity, IT consultant,
anything technical, feel free toreach out to me on LinkedIn. My
name is Jeremy O'Mard, that's J.
E. R. E. M. Y. And O. apostropheM. A. R. D., and then put a note
in your friend requests thatyou're reaching out to me
(31:53):
because you listen to theBehrend Talks podcast. I often
joke with those who reach out tofolks on LinkedIn, especially
being a cybersecurityprofessional, if you just send
me a friend request and we haveno mutual connections, and it
just comes out of the blue. I'mprobably just going to assume
that the spam and not accept it.
So help me help you and just letme know that you want to reach
(32:14):
out to me based on this talk ora given area of expertise.
Dr. Ralph Ford (32:18):
All right. Well, thank you for your generous
offer. Always great to see you.
My guest today has been JeremyOmar. He is the senior managing
consultant in the hybrid cloudmanagement practice at IBM
consulting. It's been a pleasureJeremy.
I'm Dr. Ralph Ford, Chancellor of Penn State
Behrend and you're listening toBehrend Talks. My guest today is
Jeremy O'Mard, a Behrend alumnuswho now works as a senior
managing consultant in thehybrid cloud management practice
at IBM Consulting. Welcome here,Jeremy.
Jeremy O'Mard (00:16):
Thanks for having me.
Dr. Ralph Ford (00:17):
Well, you're not a stranger. I known you for a
few years. But I'm going to takea few minutes. And I'm going to
read through your biography,because it's quite impressive.
You're a 2013, graduate of theManagement Information Systems
Program here at Behrend. Andvery nicely, you were just one
of 16 Alumni chosen to receive a2021 Penn State Alumni
(00:39):
Achievement Award, which honorsalumni, 35 years of age and
younger for extraordinaryprofessional accomplishments.
And only about 100 alumni havereceived that to date. And eight
of them are Penn State Behrendgraduates. And we're super proud
that you got that award. And youshould be as well. Absolutely.
And I'll go a little further. Asa managing consultant and
(01:01):
systems engineer with IBM saysyou're responsible for the
installation, maintenance andsecurity of the company's
commissary, advanced rescaledtransaction system, hardware
software solution used at theDepartment of Defense
commissaries around the world.
And some of that may be a littleout of date, we'll get into all
the things that you do, I justwant to talk a little bit about
(01:22):
you know, recognize the workthat you do care for bear and
your treasure of barons, blackleadership alumni Coalition,
which we all affectionately callhere be black. And you are
president of the university'sAfrican American alumni
organization of DC interestgroup. And you also volunteer
with the Maryland Defence Force,a Volunteer State Military
(01:43):
agency, and one of the fourcomponents of the Maryland
military departments. So a lotof great accomplishments and
only 10 years out. Anyways, I'lljust start by saying what
brought you to Penn StateBehrend? How did you end up
here?
Jeremy O'Mard (02:00):
Yeah, so I always knew that I wanted to come to
Penn State. During the collegerecruiting cycle. My focus was
really on Penn State, VirginiaTech and Maryland. Maryland, of
course, being where I'm from wasway too close to home. So I
decided to not go to Universityof Maryland. Great decision, by
the way. So it really came downto Penn State and Virginia Tech.
And when I actually came tovisit Behrend campus, I fell in
(02:21):
love with the faculty, thestaff, the campus life, and the
fact that there's just so muchnatural beauty around the
Behrend campus. Decide the Simonway.
Dr. Ralph Ford (02:31):
Well, as we were discussing when you came in
today, well, I'll mark the datetoday is Monday, November 6, and
you've got a day full ofactivities, including being the
featured speaker here on campusin the Behrend speaker series
this evening, and we'll talkabout that. But you said the
first place that you came tocampus is the building that
we're in right now, which is thehistoric Glen Hill Farm. So did
(02:53):
you just wander in here andknock on the door? How did you
end up in this building?
Jeremy O'Mard (02:57):
For whatever reason they told us to report
here, we did a campus tour. AndI know Miss Felicia was here.
And Giselle Hudson was here aswell. And they were one of the
first two faculty that I met,when ironically, I still keep in
contact with them to this day.
So today feels almost like amini homecoming, just because
I'm kind of going through themotions and revisiting the
campus. I'm looking at it from aunique perspective now being an
(03:19):
alumna.
Dr. Ralph Ford (03:21):
Well, you know, now that you mentioned, when you
came here to visit, we actuallyhad the admissions people
probably here in this building.
And shortly thereafter, we movethem to the Metzger, alumni and
admission center once that wasbuilt, so it makes a lot of
sense. So, you know, you decidedto choose management information
systems, did you have a careerpath in mind? Or did it just
sound like, hey, that'ssomething interesting that I
(03:43):
wanted to study, or did you knowwhat you wanted to do?
Jeremy O'Mard (03:47):
Yeah, so I always knew I wanted to get involved
with technology. That was theeasiest part. Honestly, I
actually started as a computerengineer major, and I was having
a conversation with my RA. And Iknow I kind of want to get into
consultant and he kind of gaveme an overview of the MIS
program. And in my opinion, thataligns perfectly with what I
wanted to do, because itprovided you both with the
business aspect, as well as thetechnology aspect. And I was
(04:09):
also able to get my SAPcertificate on top of that. So
once I learned about thebenefits mis how the program was
structured, and how it reallyallowed you to focus on both the
technical and business side, Idecided to have a conversation
with one of the academicadvisors. And once I had that
conversation, I felt reallycomfortable about switching to
mis and here I am today, seniormanaging consultant at IBM and I
(04:29):
felt as though I made a greatdecision.
Dr. Ralph Ford (04:31):
Well, it's a great combination bill to get
that degree. And then like yousaid, like SAP certificate and a
lot of other things that you canadd on and mask who are the
influential faculty members inthe MIS program.
Jeremy O'Mard (04:45):
So one caveat, I really have to say that I really
did love my time at Behrend,especially as a MIS practitioner
and the course that materialthat was provided it really
prepared me for the realbusiness world. Ironically, my
first project and IBM is federalsector was working with
Citizenship and ImmigrationServices. And the project was
based on Agile softwaredevelopment, which is exactly
(05:07):
what I learned during my time atBehrend. So it was nice to
actually learn about the topicand actually see it come to
fruition, coming out ofundergrad, because I know one of
the biggest concerns is youlearn so much in university, but
you really get to apply what youlearned. And I can say, without
a doubt, Behrend did prepare mefor the real world. Now going
back to the question or thetopic of faculty who really left
(05:28):
an impression on me, first andforemost, Dr. Noce to this day,
I still have conversations withher. And she really helped to
shape my early professionalcareer track, but you don't miss
it as well, especially when wefocused on all things business
intelligence, that was one of myfirst standout positions within
IBM as well, having that courseload focusing on IBM Cognos
Tableau Power BI. And when Iworked with our Business
(05:51):
Intelligence Team for USCIS, Iwas able to kind of just hit the
ground running because Iunderstood those early
foundational concepts. So Idefinitely say those two are
people who to this day, I wantto say thank you for just being
able to provide me with realworld insight.
Dr. Ralph Ford (06:05):
Yeah, they're great faculty members of his
great faculty for the entireprogram. And, you know, I'm not
in the program, but I'm acomputer electrical engineer,
and have had the pleasure towork with them. And I know
they're very passionate aboutsystems design, all those things
make sense to me. And by theway, I'm a former IBM or myself.
And I wrote a book onengineering design, which was
(06:29):
really a systems design bucking,I've always held that if I
didn't have that experience,integrating complex systems when
I was at IBM, I would have neverwritten that book. And I think
that it really added a lotbecause of that, that experience
of really added a lot to theprofession that was missing. But
anyway, so let's talk as well.
So you know, you had the greatacademic side to your experience
(06:49):
here. But let's talk about thethings that you did outside of
the classroom. What were thethings that you were involved
in? I know you were involved inDelta Chi and Multi Cultural
Council and some otherorganizations? What was that
experience? Like here on campus?
Jeremy O'Mard (07:03):
Yeah, absolutely.
So I'm a firm believer of to getthe whole college experience,
you have to focus on both theacademic side as well as the
social aspect. And honestly,getting involved with the
various student organizationshave helped me to take
leadership roles, not onlywithin IBM, but then the
Maryland Defence Force as well.
The beauty of working withstudent based organizations are
(07:23):
they're all diverse based on thenature of the organization. And
just like in the real world,whether it's corporate America,
whether it's in the publicsector, whether it's an
academia, being able to kind ofwork with a diverse populace is
a strength in itself, becauseyou have diversity of thought.
And you understand that you havethe option or the ability to
look at things from a uniqueperspective. So getting involved
(07:45):
with those students,organizations really allowed me
to hone my leadership skillsreally work with a diverse set
of individuals, and really getto try things in a relatively
safe manner. Because as astudent leader, if you fail, you
often fail, recover, and tryagain. And I feel as though if
you've never had the opportunityto fail, or as I like to say,
fail fast. When you get into thebusiness world or the post grad
(08:07):
world, you're kind of shy orhesitant to try or take risks,
because you just never had thatopportunity or forum to really
fail in a safe manner. Sostudent organizations really did
allow me to kind of hone hone myleadership skills, and try new
and unique things.
Dr. Ralph Ford (08:22):
And you were not only involved in leadership
organizations, but you served asa mentor, you were in a program
known as the Fast Start PeerMentor Program. Do you remember
that and what it was?
Jeremy O'Mard (08:32):
Absolutely. So Fast Start really connects.
There's a three components ofit. There's a student piece for
the income refreshments, and youhave student mentors, you have
alumni mentors, and then youhave faculty mentors, and I
actually was able to participateboth as a student mentor and as
well as an alumni mentor, andbest starts a great way to pay
for it because I remember myfirst couple of weeks at Baron,
(08:53):
you're trying to kind of, youknow, figure out what to do with
how to navigate the college lifescene. And having someone who's
been there done that had this tshirt to prove it was a great
way to kind of pay for them.
Help them the next generation ofPenn say there's really kind of
understand what's out there. Asfar as academia goes. And
Dr. Ralph Ford (09:13):
while you're here, you received a university
wide award. Notice the JacksonLethbridge tolerance award. And
it recognizes a student foroutstanding efforts to create a
community where everyone isequally valued in our community.
So what did what did receivingthat mean to you?
Jeremy O'Mard (09:29):
Yeah, so it caught me completely off guard
because sometimes, when you dowhat you love, and when you just
really just want to continue tomake your campus a better place.
You kind of don't really thinkabout awards or receiving any
type of recognition. So when Igot the letter of notice,
stating that I was the recipientof the award and they were
(09:49):
having ceremonies both atBehrend as well as University
Park campus. It caught mecompletely off guard just
because I was recognized forproviding the solution working
with the client In theeducational equity to provide a
proof of concept for informationsystem that would consolidate
student data's. So admissionsfaculty and other staff would be
able to kind of monitor theprogress of students and
(10:12):
understand some of their painpoints when it comes to
traversing the academiclifecycle. And that was probably
one of my mis projects. And itjust made sense for me just
because of how involved that waswith educational equity. So when
I was recognized for it, Ididn't even think anything of it
just because it was justsomething I wanted to do, the
better the university. So it'snice to be recognized for stuff
that advances the cause of amajor university. But they've
(10:35):
just really caught me off guard.
Dr. Ralph Ford (10:37):
It was nice, and that it really connected what
you were doing in the classroomand your your coursework. And so
great experience. And right nowyou're you're currently
involved. So you've remainedinvolved at Barrington. I'm
always happy to see you at theparents family alumni weekend,
and probably more than that eacheach and every year as you come
back to campus. But oneorganization that's been formed
(10:59):
in the last few years issomething called the Behrend
Black Alumni Coalition, and it'shaving a large impact. What is
it? And what do you do?
Jeremy O'Mard (11:06):
Yeah, so what do I do? I'm the treasurer for
BBLAC. I'm the inauguraltreasurer at that. So that's
kind of cool. And be back isreally a way to kind of foster
the alumni experience, postgrad.
One thing, having been involvedwith the AAA owes the African
American alumni organizationswithin the Penn State Alumni
Association. And one of thenumber one complaints that we
receive is, once you leave theuniversity, whether you're at
(11:28):
University Park, whether you'reat one of the commonwealth
campuses, if you're outside ofthe state of Pennsylvania, it's
kind of hard to foster that PennState relationship. So
leveraging what I knew and whatI experienced with the AAAO's, I
worked with the leadership forBlack to really provide a way
for black alumni and supportersof the mission to be black to
kind of have a way to stayinvolved with the university to
(11:50):
understand some of the major keypoints such as recruitment and
retention of students of color,and really to provide them with
a forum for where they can kindof voice their concerns. So I'll
work with the university as wellas students to come up with
programs and ideas to recruitand retain students of color,
and to really still stayconnected with the university.
Dr. Ralph Ford (12:11):
So do you have any particular students that
you're working with right nowand mentoring through that?
Jeremy O'Mard (12:15):
Yes. So ironically, one of the students
that I'm mentoring actuallywasn't Ruby black, but it was
through my work with IBM, andshe actually participated in IBM
had a program that just kind ofprovided various some overviews
of the different tracks andconsultants, which is business
analytics, cybersecurity,infrastructure and software
development. And we kind offoster the relationship just
(12:36):
based on the fact that we wereboth 10 sailors who magically
were assigned to each other. Andshe was also focused on
cybersecurity as well. And tothis day, we still have ongoing
conversations. She's doingpostgrads studies at Penn State
again, which is awesome. Andshe's still pursuing additional
certifications withincybersecurity looking to obtain
their security plus, so that'sthe beauty of Penn State,
(12:57):
there's always people who wantto continue to hone their skill
sets and leverage the experienceof alumni. And I just love the
ability to be able to give backand pay for it to the next
generation of students andalumni leaders.
Dr. Ralph Ford (13:10):
Well, we appreciate it. And the whole
institution benefits. Let meswitch now though, to to your
industry career. So you'veserved in a number of roles and
IBM since 2014. I'll just runthrough a few you helped the
Department of Homeland Securitytransition the US Citizenship
and Immigration Services from aform and paper based system to a
(13:33):
new electronic platform. You'vehelped the army develop and
maintain a web based tool fortracking the professional
development of noncommissionedofficers. My guess is you do a
lot of top secret work that youcan't really talk about, and
tell us. But what's your joblook like day to day? What is it
that you do?
Jeremy O'Mard (13:52):
So the beauty of consultant is my job changes
based on my client, which isawesome, because every new
clients a new job or a newopportunity. So if you're
someone who gets bored of doingthe same thing over and over
again, I highly recommendconsultant because you can kind
of shape your day to dayactivities. Currently, I still
support the Defense CommissaryAgency. And the beauty of that
project is, wherever theDepartment of Defense has a
(14:14):
commissary around the world, IBMhas a footprint. So it's a
powerful gift in the curse,because I work with our system
engineering team. And I'mresponsible not only for the
availability of the application,but security standpoint as well.
So monitoring over 5000endpoints distributed across 100
Plus locations around the worldas a job in itself. But I do
(14:34):
like the work that I do. I getthe ability to travel overseas.
I've been to Pearl Harbor,Hawaii, I've been to Okinawa,
and I've really just had theability and the opportunity to
see how our solution actuallybenefits our service members.
And they always joke and saythat commissary privileges are
their number one benefit forserving our nation. So to ensure
that those systems are up andrunning, and that they are able
(14:57):
to kind of capitalize on thosebenefits is a huge win. My book.
So you,
Dr. Ralph Ford (15:02):
you're based in DC, Virginia, Maryland area
correct. And you've haven't hadto move around, but you get to
travel all over the world.
Absolutely. That's pretty gooddeal. Like you're close to home,
you're close to learn the actionin this country. So it's a good
place to be. So you workdirectly with the federal
government. Correct? And how doyou like working with the
government? You know, we knowit's large and complex, you
(15:22):
know, but it sounds like you'redoing some really interesting
projects.
Jeremy O'Mard (15:27):
Yeah. So I always knew once I graduated from Penn
State, one to work withgovernment in some capacity,
whether it was being a civilservant, or whether it was being
a contractor. And IBM gave methe ability to kind of wear both
hats, especially since we have alarge federal clientele. So I do
like working with the federalgovernment. Because ultimately,
when you advance their missionhas real world impacts on the
(15:48):
average citizens. And residentsof the United States as well as
our allies as well. In my space,I focused on defense and Intel.
So not only am I working with usbased organizations, but I'm
working with some of ourpartners as well. And I'm
actually a part of a internalconsortium within IBM that
focuses on the defense and intelcommunity across the world. So
it's nice to work with otherpractitioners in the UK and
(16:09):
Italy and France, and kind ofpick their minds and see how
their government organizationsare handling certain issues,
especially in the cyberspacedomain.
Dr. Ralph Ford (16:17):
And you also you volunteer for something called
the Maryland Defense Force.
Correct. And what is that?
Jeremy O'Mard (16:23):
Yeah, so the Maryland Defense Force is one of
a number of state defense forceswithin the United States and its
territories. The big differencebetween state defense forces and
a state or territory is NationalGuard and state defense forces
are strictly a state asset, theyfall under Title 32, whereas
National Guard to be federalizedunder Title 10. So the biggest
differences were strictly stateasset, we have no federal
(16:44):
funding whatsoever, which isunique, because there are
oftentimes opportunities wherewe're cross training with our
state's National Guard, becausethey're getting ready to be
deployed overseas or support thefederal mission. And we serve as
a force multiplier for ourNational Guard counterparts.
Because, of course, when theyleave their respective states or
territories, that leaves acritical shortfall within that
(17:05):
given area of responsibility.
And that's where state defenseforces really have the ability
to kind of shine and focus onthat critical gap that needs to
be maintained.
Dr. Ralph Ford (17:14):
It's pretty amazing, actually, that that's a
volunteer force and theimportance of the work that you
do.
Jeremy O'Mard (17:19):
Absolutely. The historical origin of state
defense forces, some statesrefer to them as state guards or
state military reserves. It goesback to the early colonial times
where states only had themilitia. But the formal statute
goes back to the early 1900s,during World War One. And
sometimes there areopportunities for paid
positions, especially whenyou're called up to say active
(17:40):
duty. But nine times out of 10,most folks who served with the
state defense force areliterally serving on volunteer
status, which is also unique initself, because of course, our
National Guard counterparts doget paid when they have their
traditional drill weekends. Andthere's a running joke,
especially in Maryland with ourNational Guard and our state
defense force, where they liketo say that, hey, the folks from
the Maryland Defence Force,they're here because they want
(18:01):
to be here. So you guys have tomake sure that you're doing your
job because they're here to doit no matter what.
Dr. Ralph Ford (18:06):
Very nice. Well, in you know, more recently, in
2019, in your work at IBM, youstarted to oversee the day to
day operations, something knownas the security infrastructure
team, which providesauthentication and disaster
readiness for the SocialSecurity Administration, hugely
important to this country. Andyou manage a whole variety of
(18:28):
things from security tomaintenance and upgrades. Can
you tell us what that's about?
Jeremy O'Mard (18:33):
Yes. So that was unique project in itself,
because, again, like he focuseson the defense and Intel side,
so going to Social Security, Ikind of wanted to shake things
up and still stay within thesecurity infrastructure domain,
but focus on different clienttell base, and just learn about
the Social SecurityAdministration, and how the
application that we oversaw,really was the focal point for
(18:54):
everything. So security did thatin itself was amazing, because
every service has to go throughour system. And just seeing the
amount of transactions that arebeing run the amount of personal
identifiable information andsensitive information going
through the system andunderstanding how you need to
secure that information. Thatwas kind of eye opening, because
Social Security does impact usall. So having that footprint
(19:16):
and having a project that hassuch a high level of importance.
I was kind of humbled to be apart of that project, because
our team literally worked aroundthe clock to make sure that the
application was up and running,and that the security services
were running in the background.
And ultimately, that folks whowere entitled to their benefits,
were able to get them in atimely and efficient manner.
Dr. Ralph Ford (19:35):
Yeah, I can imagine that. It's a ripe target
for hackers and phishing andtrying to trick people and you
know, as they say, defendershave to be right 100% of the
time, but bad guys only have tobe right once. Absolutely.
That's puts a lot of pressure onyou.
Jeremy O'Mard (19:50):
It does. I think the beauty of it though, is you
understand the importance of setsystem so they kind of offset
some of the pressure, not 100%Because there's always going to
be the Last year, when you'reworking on services or systems
that have national importance,but at the end of the day, when
they run you, you kind of feelrewarded, because your system is
literally doing something thatpeople depend on at the end of
(20:12):
the day.
Dr. Ralph Ford (20:13):
So, you know, can you give us a flavor, we
always know hackers have been athreat. We all experience it on
a day to day basis, but what yousee has to be super
sophisticated. Can you tell us abit about what are the threats
like and how are they constantlyevolving?
Jeremy O'Mard (20:29):
Yeah, so it's interest that you brought the
sophisticated aspect of it,because it really depends on the
threat actor. So for example,working with a lot of mine,
defense contractors, most of ourbiggest adversaries are other
nations. And of course, theyhave unlimited resources to
leverage the latest tactics,techniques and procedures to
exploit the system. So sometimesyou really do see some advanced
(20:51):
exploits being thrown at yoursystem. But nine times out of
the 10. In most use cases thatI'm tracking, one of the biggest
attack vectors is socialengineering, because at the end
of the day, humans are both thestrongest and the weakest link
in the security chain. From asecurity and cyber awareness
perspective, if you're aware ofwhat the adversary is doing,
you're less likely to fall fortheir scams and compromised
(21:14):
system. But if you're not aware,they don't necessarily the hack
into the system, they just needto hack you. So social
engineering has been a hugething that we're focusing on.
And even in my role with theMaryland Defence Force, one of
our biggest campaigns is toreach out to the communities and
host cyber awareness and digitalhygiene related courses so that
those in the communityunderstand how hackers how
(21:36):
scammers compromised both peopleas well as systems and what you
can do as the average person tostay ahead of the adversary at
the end of the day.
Dr. Ralph Ford (21:43):
You know, it is it is amazing. And you think
you're really smart, figuringthem out, and seeing them. But
it's not always so clear nowthat I actually got caught in
one a few years ago, when I wastrying to get a passport, it
looked to me like it was theUnited States Government
website, and I had no idea itwas a different one, I was able
to resolve it pretty quickly.
But my point is, I oftenassociate this with people who
(22:03):
don't work day to day withcomputers. And the one day they
got me it was, it was a humblingexperience, actually, to realize
I just didn't quite look farenough into it.
Jeremy O'Mard (22:14):
Yeah, I think both the cool and scary part
about social engineering,they're literally companies that
work a nine to five to focus onscamming people. And when you
think about just how organizedsome of these organizations are,
it's kind of impressive, butit's also kind of scary at the
same time, because they havepeople who are clocking in just
like you and me on a day to daybasis to kind of understand how
(22:35):
humans traverse the internet andhow to kind of compromise them
at the end of the day. So itbecomes a digital game of cat
and mouse to see who's going tostay ahead of each other.
Dr. Ralph Ford (22:44):
It's rather frightening, but you know, it is
human nature, we shouldn't kidourselves, you think that people
would spend, if they were goingto work nine to five, they might
actually work on somethingproductive, but they find
themselves trying to do that.
And that's what happens a lotout there. And they know, of
course, we know security, theytrying to prey on elderly
people. And you know, there's alot there that all of us have a
vested interest in from ourfamily members and parents and
(23:07):
the like. So anyways, it's it'simportant that we have people
like yourself trying to protectthem. So now, you know, as we
hear about cybersecurity, andevery day in the news, we hear
the term AI ArtificialIntelligence. What does that
mean, in terms of the work thatyou do? And is it changing what
(23:27):
you're doing?
Jeremy O'Mard (23:29):
Yes. So the beauty of AI right now,
especially in the federalspaces, the biggest thing that
we're focusing on is regulation,and everything that stay the
security and privacy relatedbecause one of the biggest
concerns with AI is the factthat technology is outpacing
current regulations. And one ofthe focal points is, so you have
these systems that are able toingest data and manipulate data
(23:51):
to provide you with services andvalue at the end of the day. But
who owns the data? And who'sresponsible if the state is
leaked? And how do we ensurethat these systems don't have
bias or an end to them, becausefor most AI systems to learn,
they have to be provided with asample set of data. And who's to
say that that data is bothrepresentative of the user base
(24:14):
that you're trying to serve?
Who's to say it hasn't beencompromised. So regulations
really the biggest thing from myside of the house that we're
focusing on, because especiallywith the federal government, if
your systems aren't federallycertified, you can't deploy them
into production. So there are alot of things such as IBM
Watson, there's Chet GPT,there's Google barred, but
really, the government can'ttouch these systems unless
they're on their federallycertified platform as well. So
(24:35):
we're trying to figure out howto certify that the systems are
working as designed and that thealgorithms behind set systems
are transparent so that theaverage person can understand
how these decisions are beingmade.
Dr. Ralph Ford (24:49):
And I assume you're also trying to use the
technology to better thesecurity in the defense of our
federal systems too.
Jeremy O'Mard (24:58):
Yeah, so a lot of people think AI is good to take
everyone's job. But as far aswhat we're focusing on the
federal space, we're trying toleverage AI as the quote unquote
loyal wingman, how can AI kindof take some of the mundane
tasks that the averagecybersecurity analyst has to
work on, so that they can focuson some of the more critical
pieces of the job. One greatexample is log analysis, whether
(25:20):
you're in cybersecurity whetheryou're a software engineer or
developer, if you had to comb aset of logs, you would go crazy
after a while, also to have AIbased solution that can just go
through the data and say, Okay,here's where the threat actor
may have tried to compromise thesystem. Or this is where a fault
in the system took place. Inlaw, your engineers, your
developers, your securityanalysts that actually focus on
(25:40):
the task at hand, that's a hugewin. IBM produces a study, both
in the cost of a data breach aswell as security operation
center report, the kind ofunderlying some of the pain
points that securitypractitioners go through. And
one of the biggest things withsecurity practitioners have to
deal with so much data that itactually inhibits them from
performing some of theircritical tasks. So leveraging AI
(26:02):
to kind of comb through the datato look for red flags, and allow
the security analysts, theengineers, the practitioners to
actually respond to threats, isgonna be one of the best
outcomes that we can get from AIbased solution.
Dr. Ralph Ford (26:15):
What are the ones that I'm gonna have a
specific example. So switchingback to a little bit about what
we hear in the news every day,is that organizations and
companies are hacked, and theirdata is held hostage. In fact,
it's happened quite a few schooldistricts, I know what happens
to companies. Are there anyoptions that a company has once
(26:35):
you've been hacked that way tonot pay the ransom?
Jeremy O'Mard (26:38):
Yes. So there are various resources that
organizations could leverage.
First and foremost, one of thebest ones is to reach out to
your local, FBI department orcenter. The only downside to
this is just like anything ingovernment, sometimes it does
take several days, two weeks forthe paperwork to go through the
motions. And for case agentsactually work on set of
requests. So the next best thingto do, probably the best thing
(27:01):
to do is to practice gooddigital hygiene, whether that's
backing up your systems on a dayto day basis, or as often is
necessarily based on your usecase and your risk appetite. And
ensuring that you havesafeguards to restore your
system, if it has beencompromised, is a great
alternative to paying theransom. Some people do pay the
ransom, just becausehistorically, some threat actors
(27:23):
have been more reliable torelease today, the but then when
you actually work with a threatactor to have them release your
data, there's a good opportunitythat you're going to be extorted
again, because just because theygave you access to your system
doesn't mean they don't haveaccess to the data that was
already compromised. So the bestthing to do is to ensure that
you're doing routine backups ofyour system, that you're working
(27:44):
with partners, whether it'sfederal partners, whether it's
other organizations to sharewhat are known as indicators of
compromise, and to just workacross the greater cyber
community to kind of understandhow these threat actors gained
access to your system. And howyou can actually restore your
system are great alternatives topaying the ransom.
Dr. Ralph Ford (28:06):
My guess when you pay that ransom to, they've
put their own latent hackingtechnology that they can make
sure that they get in there atsome future date if they want as
well.
Jeremy O'Mard (28:14):
Yeah, we've seen everything from threat actors
reentering someone's system andre compromising their system to
most hackers just after theyreceived the payment from the
ransom, they actually just putthe data on the dark web and
then sell it to another thirdparty. So now they're getting
paid twice. So it's better tokind of safeguard and strengthen
and harden your systems and topay the ransom because you're
(28:35):
never guaranteed the fact thatthat data is not going to get
out in the wild again.
Dr. Ralph Ford (28:41):
So can you give us a little preview of what
you're going to talk about atthe your lecture this evening?
Jeremy O'Mard (28:46):
Yeah, so without spilling the secret sauce. The
presentation is going to focuson the offensive use cases, the
defensive use cases, as well asthe future of AI in the
cyberspace domain. And I supposealso cover key examples of some
of the latest technologies thatare being implemented both by
the fenders as well asadversaries as well.
Dr. Ralph Ford (29:05):
Sounds like it's going to be interesting talk
looking forward to it. And letme ask you this, what advice do
you have for current prospectivestudents? Who or anybody out
there who's considering a careerin cybersecurity?
Jeremy O'Mard (29:18):
Yeah, so, to me, there's three things to focus on
one, if there's a position orthere's a company that you're
interested in, make sure toreach out to someone, whether
it's alumni, whether it'sstudents, whether it's faculty,
to get an understanding of therole of the company and things
of that nature. Because at theend of the day, there's always a
statistic saying that there'smillions and millions of jobs in
(29:38):
the cyberspace domain that aregoing unfilled. A lot of
practitioners including myself,we want to advance the next
generation of cyber warriorsbecause I always joke I want to
help people because I also wantto be able to retire. And if
these jobs are hard and go aregoing unfulfilled, that means
that I have to work longer andharder at the end of the day
too. So help me help you. Let meknow if there's something that
(29:58):
you're interested in and I willbe glad to share my experiences
with you as well, too. A lot ofpeople want to focus strictly on
technical skills right out thereacademia, I would also say focus
on some of those soft skills,especially problem solving.
Because problem solving is oneof those skill sets that you can
use in technical roles and nontechnical roles. At the end of
the day, we're all problemsolving something. So the
(30:19):
sharper and your problem solvingskills, that's going to allow
you to see whether you're in atechnical role or a managerial
role, or even client facingrole. And then three, don't be
afraid to fail. Oftentimes,people hold themselves back from
getting into a new position orlearning a new skill set,
because they want to stay as anexpert in one domain, or they
don't want to seem as thoughthey're incompetent in another
(30:42):
domain, but being able to trysomething new, figure out if you
like it or not. And even if youfail, you can always reach out
to someone get additional help,and then become the future Smee
in that given skill set or thatdomain as well. And it also
allows you to kind of feel asthough you have to prove
yourself, because if you fail,then you can either quit, or you
can try again. And most peoplewho are going to try again, are
(31:04):
the ones that do everythingright the next time. So they're
going to study harder, they'regoing to reach out to their
connects, they're going toconduct their independent
research, and then they're goingto try again, and they're gonna
do better than their previousattempt. So don't be afraid to
fail, because you can only moveforward at the end.
Dr. Ralph Ford (31:19):
Great advice and sounds like a fascinating
career. And to your point, weneed a lot of cybersecurity
experts for the future of thiscountry. So we're coming to the
end of our show. Do you have anyfinal words or any anything
Jeremy O'Mard (31:33):
Yeah, going back to the earlier point about just
you'd like to add?
staying connected and acts andquestions. If there's anyone
who's interested incybersecurity, IT consultant,
anything technical, feel free toreach out to me on LinkedIn. My
name is Jeremy O'Mard, that's J.
E. R. E. M. Y. And O. apostropheM. A. R. D., and then put a note
in your friend requests thatyou're reaching out to me
(31:53):
because you listen to theBehrend Talks podcast. I often
joke with those who reach out tofolks on LinkedIn, especially
being a cybersecurityprofessional, if you just send
me a friend request and we haveno mutual connections, and it
just comes out of the blue. I'mprobably just going to assume
that the spam and not accept it.
So help me help you and just letme know that you want to reach
(32:14):
out to me based on this talk ora given area of expertise.
Dr. Ralph Ford (32:18):
All right. Well, thank you for your generous
offer. Always great to see you.
My guest today has been JeremyOmar. He is the senior managing
consultant in the hybrid cloudmanagement practice at IBM
consulting. It's been a pleasureJeremy.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!